I think every Java application in production should enable JMX access. Without JMX, there's little chance to debug JVM-level problems, especially those related to out of memory errors. Even if your application doesn't export its own MBeans for monitoring, you can still take advantage of those that come out of the box with Sun's HotSpot VM. All you have to do is to pass some command line arguments to the virtual machine.
For example, to enable JMX for local access (that is, for an application that runs on the same machine as your JMX client) use the following option:
java -Dcom.sun.management.jmxremote OTHER_OPTIONS
Then you can use jconsole or some other JMX tool and connect to the Java process you started.
In application servers or servlet containers like Tomcat, you typically don't execute the VM directly. Instead, there are startup scripts that set all kinds of parameters (and typically leave out JMX). The easiest way to enable JMX access on Tomcat is to set the CATALINA_OPTS environment variable for your Tomcat installation. On Unix systems, create a file setenv.sh inside Tomcat's bin directory (next to startup.sh) with the following content:
export CATALINA_OPTS="-Dcom.sun.management.jmxremote"
The startup script reads this file and adds the option to the Java command line (this means you have to restart Tomcat, of course). If everything works, you should see the Tomcat process from your local jconsole's process listing. On Windows systems, you can set the environment variable via setenv.bat.
Here's an example to enable remote access:
export CATALINA_OPTS="-Dcom.sun.management.jmxremote.port=8090 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
From your local jconsole, you can then connect to the remote JMX agent. On the connection screen select "Remote Process" and enter hostname:8090 into the text box. Since there's no authentication, this setup is obviously only suitable in friendly environments.
Whether this works or not also depends on your firewall setup. In many cases, JMX causes problems due to its dynamic port assignment. See the official documentation for more information on firewall issues and on how to secure JMX access for production environments.